Operation
Splunk collects, indexes and correlates data in a searchable repository from which alerts, graphs, reports and dashboards can be generated. There are many systems that allow you to do something that looks like this, according to Arxhoek. “Excel, for example, also allows you to make sections and create graphs, but you must first collect the data yourself and then make it intelligible. You do this by bringing context to it, because only then can you use that data.
“Splunk installs software-based access points throughout the system that automatically extract data and transfer data from the equipment and software to Splunk’s analysis tool. That way you are no longer working on your operational system, because you pull everything into Splunk. Splunk can quickly establish correlations on the basis of this data. Suppose, for example, that I am collecting all my network data, then Splunk is already putting that data in a certain context. That gives insight immediately. For example, if I search a log file for one specific suitcase, or an error, or whatever, then I immediately get to see a cross-section of what data has correlations.”